SOA-C02 Exam Details

  • Exam Code: SOA-C02
  • Exam Name: AWS Certified SysOps Administrator - Associate (SOA-C02)
  • Certification: Amazon Certifications
  • Vendor: Amazon
  • Total Questions: 657 Q&As
  • Last Updated: Oct 14, 2025

Amazon SOA-C02 Online Questions & Answers

  • Question 571:

    The company needs EC2 instances in the VPC to resolve DNS names for on-premises hosts using Direct Connect.

    A. Create an Amazon Route 53 private hosted zone. Populate the zone with the hostnames and IP addresses of the hosts in the on-premises data center.
    B. Create an Amazon Route 53 Resolver outbound endpoint. Add the IP addresses of an on-premises DNS server for the domain names that need to be forwarded.
    C. Set up a forwarding rule for reverse DNS queries in Amazon Route 53 Resolver. Set the enableDnsHostnames attribute to true for the VPC.
    D. Add the hostnames and IP addresses for the on-premises hosts to the /etc/hosts file of each EC2 instance.

  • Question 572:

    A SysOps administrator is responsible for managing a fleet of Amazon EC2 instances. These EC2 instances upload build artifacts to a third-party service. The third-party service recently implemented a strict IP allow list that requires all build uploads to come from a single IP address.

    What change should the systems administrator make to the existing build fleet to comply with this new requirement?

    A. Move all of the EC2 instances behind a NAT gateway and provide the gateway IP address to the service.
    B. Move all of the EC2 instances behind an internet gateway and provide the gateway IP address to the service.
    C. Move all of the EC2 instances into a single Availability Zone and provide the Availability Zone IP address to the service.
    D. Move all of the EC2 instances to a peered VPC and provide the VPC IP address to the service.

  • Question 573:

    A company is trying to connect two applications. One application runs in an on-premises data center that has a hostname of hostl.onprem.private. The other application runs on an Amazon EC2 instance that has a hostname of hostl.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS.

    The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.

    Which solution allows the on-premises application to resolve the EC2 instance hostname?

    A. Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
    B. Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
    C. Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
    D. Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.

  • Question 574:

    A company runs its infrastructure on Amazon EC2 instances that run in an Auto Scaling group. Recently, the company promoted faulty code to the entire EC2 fleet. This faulty code caused the Auto Scaling group to scale the instances before any of the application logs could be retrieved.

    What should a SysOps administrator do to retain the application logs after instances are terminated?

    A. Configure an Auto Scaling lifecycle hook to create a snapshot of the ephemeral storage upon termination of the instances.
    B. Create a new Amazon Machine Image (AMI) that has the Amazon CloudWatch agent installed and configured to send logs to Amazon CloudWatch Logs. Update the launch template to use the new AMI.
    C. Create a new Amazon Machine Image (AMI) that has a custom script configured to send logs to AWS CloudTrail. Update the launch template to use the new AMI.
    D. Install the Amazon CloudWatch agent on the Amazon Machine Image (AMI) that is defined in the launch template. Configure the CloudWatch agent to back up the logs to ephemeral storage.

  • Question 575:

    A SysOps administrator is troubleshooting connection timeouts to an Amazon EC2 instance that has a public IP address. The instance has a private IP address of 172.31.16.139. When the SysOps administrator tries to ping the instance's public IP address from the remote IP address 203.0.113.12, the response is "request timed out." The flow logs contain the following information:

    What is one cause of the problem?

    A. Inbound security group deny rule
    B. Outbound security group deny rule
    C. Network ACL inbound rules
    D. Network ACL outbound rules

  • Question 576:

    A company deploys an application on AWS behind an internet-facing Application Load Balancer (ALB) in the us-west-2 Region. Amazon Route 53 manages DNS CNAME records for the application. The company is replicating its AWS infrastructure to the eu-west-2 Region.

    A SysOps administrator must implement a Route 53 configuration to distribute application traffic across both Regions.

    Which solution will meet these requirements with the LEAST application response time?

    A. Apply a geolocation routing policy to the CNAME records of both ALBs.
    B. Apply a latency-based routing policy to the CNAME records of both ALBs.
    C. Create a multivalue answer routing policy. Add the public IP addresses for both ALBs.
    D. Create a new private hosted zone that includes a CNAME record for the ALB that is in eu-west-2.

  • Question 577:

    A company has an internal web application that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group in a single Availability Zone. A SysOps administrator must make the application highly available.

    Which action should the SysOps administrator take to meet this requirement?

    A. Increase the maximum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
    B. Increase the minimum number of instances in the Auto Scaling group to meet the capacity that is required at peak usage.
    C. Update the Auto Scaling group to launch new instances in a second Availability Zone in the same AWS Region.
    D. Update the Auto Scaling group to launch new instances in an Availability Zone in a second AWS Region.

  • Question 578:

    An errant process is known to use an entire processor and run at 100%. A SysOps administrator wants to automate restarting the instance once the problem occurs for more than 2 minutes. How can this be accomplished?

    A. Create an Amazon CloudWatch alarm for the Amazon EC2 instance with basic monitoring. Enable an action to restart the instance.
    B. Create a CloudWatch alarm for the EC2 instance with detailed monitoring. Enable an action to restart the instance.
    C. Create an AWS Lambda function to restart the EC2 instance, triggered on a scheduled basis every 2 minutes.
    D. Create a Lambda function to restart the EC2 instance, triggered by EC2 health checks.

  • Question 579:

    A SysOps administrator is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is www.anycompany.com and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name www.anycompany.com does not seem to work, and the static website is not displayed in the browser.

    Which of the following is a cause of this?

    A. The S3 bucket must be configured with Amazon CloudFront first.
    B. The Route 53 record set must have an IAM role that allows access to the S3 bucket.
    C. The Route 53 record set must be in the same region as the S3 bucket.
    D. The S3 bucket name must match the record set name in Route 53.

  • Question 580:

    A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled. A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.

    How should the SysOps administrator implement this solution?

    A. Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days. Run an AWS Lambda function when a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users.
    B. Configure an AWS Config rule to identify IAM users that have not been active for 90 days. Set up an automatic weekly batch process on an Amazon EC2 instance to disable the AWS access keys and passwords for these IAM users.
    C. Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days. Automatically delete these IAM users.
    D. Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days. Set up an AWS Systems Manager automation runbook to disable the AWS access keys for these IAM users.
